Assume we are now at ip 4004af; from the instruction decoder, we know it's a store operation, and we want to find out what %rax is.

1. unwind to 4004ac: ignore this, because it does not touch %rax

2. unwind to 4004a8: ignore this, because it does not touch %rax

3. unwind to 4004a4: 20(%rax) => 20(24(%rax)); continue to unwind, because we still have no idea what %rax is

4. unwind to 4004a0: 20(24(%rax)) => 20(24(-8(%rbp))); stop unwinding, because we now know -8(%rbp) is foo.

So the original 20(%rax) is replaced by 20(24(-8(%rbp))), and it means foo->bar->fubar.

Does this make sense?

Thanks,
Lin Ming

>
> So that what we need is a kind of reverse compiler which generates
> intermediate code (a sequence of register assignments) from
> instruction code. That's not an impossible task, but just hard and fun. :)
> For that purpose, we'll need an instruction decoder and an evaluator
> which allows us to trace the sequence of address dereferences.
>
> Anyway, I'd recommend that we should start with just showing
> the corresponding "source line" of the address. It may be
> enough for some cases.
>
> Thank you,
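The walk-back sketched in the mail above, as an added Python example that is not from the thread or from perf: the instruction stream at the quoted addresses, the stack-slot mapping and the struct-field offsets are constructed so that the four steps come out exactly as described.

```python
import re

# Constructed instruction stream (AT&T syntax): addresses are from the thread, the
# mnemonics/operands are assumed so that the walk-back behaves as described there.
INSNS = {
    0x4004a0: ("mov", "-8(%rbp)", "%rax"),  # %rax = foo
    0x4004a4: ("mov", "24(%rax)", "%rax"),  # %rax = foo->bar
    0x4004a8: ("mov", "%edx", "%ecx"),      # does not touch %rax
    0x4004ac: ("add", "$1", "%ecx"),        # does not touch %rax
    0x4004af: ("mov", "%ecx", "20(%rax)"),  # the store we start from
}
# Assumed debug info: stack slot -> (local, type); (type, offset) -> (field, type).
FRAME_VARS = {"-8(%rbp)": ("foo", "struct foo *")}
FIELDS = {("struct foo *", 24): ("bar", "struct bar *"),
          ("struct bar *", 20): ("fubar", "int")}
MEM = re.compile(r"^(-?\d*)\((%\w+)\)$")  # disp(%reg); disp may be empty

def unwind(ip, operand):
    """Substitute the base register of a disp(%reg) operand with whatever last wrote
    it, walking back from ip until a known stack slot is reached, else None."""
    m = MEM.match(operand)
    expr, disps, pending = operand, [int(m.group(1) or 0)], m.group(2)
    for addr in sorted((a for a in INSNS if a < ip), reverse=True):
        op, src, dst = INSNS[addr]
        if dst != pending:
            continue                       # ignore: does not touch the register
        if op != "mov":
            return None                    # arithmetic on the base: not a plain deref
        expr = expr.replace(pending, src)  # e.g. 20(%rax) -> 20(24(%rax))
        if src in FRAME_VARS:
            return expr, FRAME_VARS[src], disps[::-1]  # resolved: local + chain
        m = MEM.match(src)
        if not m:
            return None                    # came from a register/immediate: give up
        disps.append(int(m.group(1) or 0))
        pending = m.group(2)
    return None                            # ran off the start without resolving

def describe(ip, operand):
    """Map the unwound chain onto a C-like path such as foo->bar->fubar."""
    res = unwind(ip, operand)
    if res is None:
        return None
    expr, (path, typ), chain = res
    for off in chain:
        field = FIELDS.get((typ, off))
        if field is None:
            return None                    # offset is not a known field of typ
        path, typ = path + "->" + field[0], field[1]
    return expr, path
```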